ChrisAdamsdevelopment · ChrisAdamsdevelopment · May 13, 2026 · May 13, 2026
diff --git a/README.md b/README.md
@@ -48,7 +48,7 @@ For a step-by-step manual validation flow (local, API smoke, auth, billing, uplo
 
 - Browser metadata analysis uses maintained `music-metadata` with graceful fallback (`parseError`) when parsing fails, times out, or is skipped for very large files.
 - Quick Cleanse metadata writing remains local/browser-side (MP3 via `browser-id3-writer`).
-- Full Server Cleanse runs through `/api/process` for supported non-MP3 formats; MP3 requests are rejected with HTTP `422` and guidance to use Quick Cleanse Browser.
+- Full Server Cleanse runs through `/api/process`; MP3 requests are rejected with HTTP `422` and guidance that Full Server Cleanse is best supported for MP4/M4A, while WAV/FLAC may still be rejected when ExifTool cannot safely rewrite them.
 
 ---
 
@@ -119,5 +119,5 @@ Never commit real secrets to source control.
 
 - `POST /api/process-batch` (authenticated): processes up to 20 uploaded files sequentially for paid plans (Creator/Studio). Free plan returns `403`.
 - `GET /api/download/:token` (authenticated): one-time secure download for batch outputs.
-- MP3 server cleanse remains unsupported (`422` for single process, per-file error in batch); use Quick Cleanse Browser for MP3.
+- MP3 server cleanse remains unsupported (`422` for single process, per-file error in batch); use Quick Cleanse Browser for MP3. Full Server Cleanse is best supported for MP4/M4A, and WAV/FLAC may be rejected if ExifTool cannot safely rewrite them.
 - Batch requests enforce a 2GB post-upload soft guard; production deployments should still enforce proxy/body-size/disk limits.
diff --git a/docs/manual-qa-checklist.md b/docs/manual-qa-checklist.md
@@ -104,7 +104,7 @@ Run these checks against your local server:
 4. Verify forensic/report information appears when present.
 5. Upload MP3 to Full Server Cleanse and verify HTTP `422` JSON:
    - Expected error: `MP3 server cleanse is not supported`.
-   - Expected detail tells user to use Quick Cleanse (Browser) for MP3.
+   - Expected detail: `Use Quick Cleanse (Browser) for MP3. Full Server Cleanse is best supported for MP4/M4A; WAV/FLAC may be rejected if ExifTool cannot safely rewrite them.`
    - Expected usage counter does **not** increment on this rejection.
 6. Force or simulate `401` from protected endpoint.
    - Expected: user is logged out/reauth requested.

diff --git a/server.js b/server.js
@@ -464,7 +464,7 @@ app.post('/api/process', requireAuth, upload.single('file'), async (req, res) =>
   const isMp3 = ext === '.mp3' || mime === 'audio/mpeg';
   if (isMp3) {
     await fs.remove(inputPath).catch(() => {});
-    return res.status(422).json({ error: 'MP3 server cleanse is not supported', detail: 'Use Quick Cleanse (Browser) for MP3 metadata rewriting, or upload MP4/M4A/WAV/FLAC for Full Server Cleanse.' });
+    return res.status(422).json({ error: 'MP3 server cleanse is not supported', detail: 'Use Quick Cleanse (Browser) for MP3. Full Server Cleanse is best supported for MP4/M4A; WAV/FLAC may be rejected if ExifTool cannot safely rewrite them.' });
   }
   const dbUser = db.prepare('SELECT plan FROM users WHERE id = ?').get(userId);
   const userPlan = dbUser?.plan ?? 'free';